Cisco Identity Services Engine Base License 100 End Points

Product Overview

Main Features

License

100 endpoints

ESD

The Cisco Identity Services Engine has a fourth role/service type, the posture enforcement service, but this service has to run as a standalone service on an Identity Services Engine physical appliance. The posture enforcement service is only needed in posture uses cases where the network access device does not support the necessary advanced RADIUS control features, such as change of authorization (CoA). The service would be typically positioned behind network access devices such as VPN concentrators on the network. The service can be configured for high availability with an active-standby pair.

The Cisco Identity Services Engine has a highly available and scalable architecture that supports standalone, centralized, and/or distributed deployments. In a distributed environment, you can have one primary node and a number of secondary nodes, with individual services having separate high-availability configuration options. Typical high-availability configurations would split primary and secondary nodes across separate physical or virtual appliances.

Rated 4 out of 5 by Alfred Polela from Enables us to protect our network but it should be more user-friendlyWhat is our primary use case?We use this solution to protect the network especially when someone brings their own device and to lock out access to anybody connecting to the network. Also to make sure that the people connect to the correct VLAN. So, mainly for security wifi access so that when people want to connect to our wifi they have to log in using their credentials.How has it helped my organization?We give guests limited access to the internet when they come in so that access has been useful. Previously, we just used to give them the APN key which they would leave with. Now, we give them credentials to use that are for a limited period of time.For how long have I used the solution?Less than one year.What do I think about the stability of the solution?It is stable. Any time we found an issue we would get in touch with the reseller to help fix it. Then they tell us where the problem is and we'll know where to look.What do I think about the scalability of the solution?It is scalable. We have around 350 users. We required two staff members for maintenance but they don't have enough knowledge so we have to reach out externally for more help.How are customer service and technical support?Their technical support has been good. They have been responsive every time we have an issue. They get logs, check and then give us feedback of which corrections to do.How was the initial setup?The initial setup was complex. We had to engage an expert. When we rolled it out we would find challenges and then we would have to find a way of fixing those challenges. Out of nowhere, it would lock out all users. Then we discovered that no, the password had expired for the service account. We needed to make it none expiry.Deployment took about a month. We had to do project planning, discuss the plan with the team, and by the end, it was a month.What about the implementation team?We used a reseller for the implementation and we had a good experience with them.What's my experience with pricing, setup cost, and licensing?If you go directly with Cisco for the implementation it's very, very expensive.Which other solutions did I evaluate?We also looked at Aruba.What other advice do I have?It's a good product but it requires technical support and knowledge otherwise it will be difficult to manage and run it. It requires somebody to be configuring issues. You need protection as you advance in the usage but it's a good product.I would rate this solution an eight out of ten. In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.Disclaimer: I am a real user, and this review is based on my own experience and opinions.

Date published: 2019-02-26

Rated 4 out of 5 by WiFiSuperman from It has a centralized and unified highly secure access control with ISE, which grew out of ACS.Valuable Features:Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE. ISE grew out of ACS and in the process has grown up.Room for Improvement:The learning curve is steep and the initial setup is complex.Use of Solution:We've used it for two years.Deployment Issues:There were minimal issues with deployment.Stability Issues:We've had no issues with stability.Scalability Issues:We've had no issues with scalability.Customer Service:Customer service is good.Technical Support:Technical support is very good.Previous Solutions:Yes. I am a consultant, so I have used many competing products over the years.Initial Setup:The initial setup is complex, but not if you fully vet the solution and leverage the functionality.Implementation Team:I am the services firm that does this work and the SME for my organization.Cost and Licensing Advice:There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs.Other Solutions Considered:Yes, we used ClearPass.Other Advice:Not all features are available with base license, plus license allows for profiling and provisioningDisclaimer: My company has a business relationship with this vendor other than being a customer:We resell Cisco.

Date published: 2016-12-05

Rated 4 out of 5 by WiFiSuperman from It has a centralized and unified highly secure access control with ISE, which grew out of ACS.Valuable Features:Cisco ISE now competes with any other product in the space because of its centralized and unified highly secure access control with ISE. ISE grew out of ACS and in the process has grown up.Room for Improvement:The learning curve is steep and the initial setup is complex.Use of Solution:We've used it for one year and a half.Deployment Issues:There were minimal issues with deployment.Stability Issues:We've had no issues with stability.Scalability Issues:We've had no issues with scalability.Customer Service:Customer service is good.Technical Support:Technical support is very good.Previous Solutions:Yes. I am a consultant, so I have used many competing products over the years.Initial Setup:The initial setup is complex, but not if you fully vet the solution and leverage the functionality.Implementation Team:I am the services firm that does this work and the SME for my organization.Cost and Licensing Advice:There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs.Other Solutions Considered:Yes, we used ClearPass.Other Advice:Not all features are available with base license, plus license allows for profiling and provisioningDisclaimer: My company has a business relationship with this vendor other than being a customer:We resell Cisco.

Date published: 2016-06-26

Rated 4 out of 5 by WiFiSuperman from Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.Valuable Features:Profile Sets help organize how AAA is handled by grouping, like traffic into separate subroutines.Improvements to My Organization:We implement this for customers is various verticals. Most of the time oit is in Education. It really helps secure, classify and manage users including guest and BYOD users.Room for Improvement:The product has improved with its evolution. The initial setup, though, is extremely complex.Use of Solution:10 years. I have used this since it was Cisco ACSDeployment Issues:As the product matures I encounter less and less problems.Scalability Issues:The produt scales well.Technical Support:Excellent. TACis quite knowledgable.Previous Solutions:I have used Microsoft IAS/NPS, Funk, and Aruba ClearPass. ClearPass is the only product in the same league as Cisco ISE.Initial Setup:ISE is extremely complex. With the functionality and flexibility it offers that is to be expected.Implementation Team:I am the vendors's partner.Cost and Licensing Advice:Licensing and pricing is a complicated calculation, so it is best to really understand your customers' needs. Also team up with the right resources at Cisco for help.Disclaimer: My company has a business relationship with this vendor other than being a customer:We resell this product and the services associated with it. I have used several other RADIUS/security products from various vendors.

Date published: 2016-03-15

Rated 4 out of 5 by Tommy Nguyen from This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches.Valuable Features:Cisco Identity Services Engine (ISE) version 1.3 has improved it's GUI margin and much easier to navigate than the previous versions.This technology pride itself with Trust Sec and 802.1x feature. Trust Sec can be an advantage when an environment is nothing but a Cisco workshop.This technology is based upon utilizing other Cisco products such as IDS, IPS, ASA and Catalyst switches. It provides the RADIUS feature for Active Directory so that 802.1x (EAP over LAN) is properly utilized for User Authentication.It also does MAC Address Bypass (MAB) for MAC Address verification and authentication.Cisco will integrate the TACACS+ feature into ISE version 2.0 and enterprises no longer need Cisco ACS for this reason.Improvements to My Organization:Many organizations and large enterprises are faced with the daunting task of keeping their security issues at bay. They also need to be in compliant with the Cyber Security's strict guidelines and orders.While there are many cyber attacks from the outside of the edge routers, cyber attacks can also be implemented within the organization whether it is either intentional or unintentional. Cisco ISE can mitigate many attacks such as MAC spoofing, VLAN hopping, DHCP Starvation and ARP Snooping.By implementing ISE, it can lighten the overhead of the Cisco Catalyst Switches by not implementing port security, Dynamic Arp Inspection, DHCP Snooping. This will also improve the switch's performance since the ISE server takes over the duty of posturing with its Policy Service Node persona.Room for Improvement:Cisco ISE has improved performances on Access Switches and closely monitored the daily suspicious or rogue activities within the organization.Deployment Issues:We've had no issues with deployment.Stability Issues:We've had no issues with stability.Scalability Issues:We've been able to scale it for our needs.Disclaimer: I am a real user, and this review is based on my own experience and opinions.